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AMENDMENTS TO THE CLAIMS 
1 -55. (Previously Canceled) 

56. (Currently Amended) A method of managing access to network 
resources, the method being performed by a network management system in 
communication with a portable communication device via a network, the method 
comprising: 

receiving, at a communications port of a network management system 
from a portable communication device via a network, a first request to access a 
network resource located at an external server, the first request comprising one 
or more network packets , wh i ch i nc l udo hoador and body data, and bo i ng 
conf i gured w i th attr i butes i nc l ud i ng a source address, a checksum, and a port 
numb e r, wh e r ei n th e ch e cksum i s ca l cu l at e d bas e d at le ast i n part on h e ad e r 
and body data of one or more network packets configured with network settings 
that do not correspond to the network ; 

determining, using a processor, whether to provide the portable 
communication device with access to the network resource, the determination 
being based at least in part on comparing one or more of the attr i butes an 
attribute included in the first request to a user profile database; and 

upon determining that the portable communication device is not to be 
provided with access to the network resource, redirecting the portable 
communication device to an authentication system, by: 

receiving, from the redirection server, redirection data comprising 
resource identification data that identifies the authentication system, the 
redirection data configured to cause the portable communication device to 
be redirected to the authentication system; and 

sending, from the communications port of the network 
management system to the portable communication device, a browser 
redirect message based upon the redirection data, the browser redirect 
message configured to indicate that it was sent by the network resource 
and compr i ses attr i butes i n wh i ch at l oast ono of a source address, a 
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checksum, and a port number d i ffers from those attr i butes of tho f i rst 

TGCj U GSt ' 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to provide authentication-related 
information so that the portable communication system may be provided access 
to the network resource. 

57. (Previously Presented) The method of Claim 56, further comprising 
updating the user profile database upon determining that the portable communication 
device is to be provided with access to the network resource. 

58. (Previously Presented) The method of Claim 56, further comprising 
maintaining in the user profile database a historical log of the portable communication 
device's access to the network resource. 

59. (Previously Presented) The method of Claim 56, wherein the first 
request is an HTTP request. 

60. (Previously Presented) The method of Claim 56, wherein determining 
whether to provide the portable communication device with access to the network 
resource further comprises denying the portable communication device access where 
the user profile database indicates that the portable communication device may not 
access the network resource. 

61. (Previously Presented) The method of Claim 56, wherein the 
determination of whether to provide the portable communication device with access to 
the requested network is based at least in part on one of a port, circuit ID, VLAN ID or 
MAC address. 

62. (Previously Presented) The method of Claim 56, further comprising: 
receiving, from the portable communication device, a second request to 

access a second network resource; and 

determining that the portable communication device is authorized to 
access the second network resource, based at least upon a MAC address 
included in the second request. 
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63. (Currently Amended) A network management system configured to 
manage access to a network resource, the system comprising: 

a network communications interface configured to receive, from a portable 
communication device via a network, a first request to access a network 
resource located external to the network management system, the first request 
comprising a resource locator that identifies the network resource, the first 
request being configured with attr i butes i nc l ud i ng a source address, a checksum, 
and a port numb e r, wh e r ei n th e ch e cksum a ll ows for v e r i fy i ng corr e ct data 
transm i ss i on network settings that do not correspond to the network ; and 

a processor configured to determine whether to allow the portable 
communication device to access the network resource, the determination being 
based at least in part on comparing one or more of th e attributes included in the 
first request to a user profile database; 

the processor further configured to redirect the portable communication 
device to an authentication system, upon determining not to allow the portable 
communication device to access the network resource, by: 

receiving, from the redirection server, redirection data comprising 

resource identification data that identifies the authentication system, the 

redirection data configured to cause the portable communication device to 

be redirected to the authentication system; and 

sending, to the portable communication device, a browser redirect 

message based upon the redirection data, the browser redirect message 

indicating it originated from the network resource and compr i ses attr i butes 

i n wh i ch at le ast on e of a sourc e addr e ss, a ch e cksum, and a port numb e r 

d i ffers from those attr i butes of the f i rst request ; 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to submit authentication-related 
information so that the portable communication system may be allowed to 
access the network resource. 
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64. (Previously Presented) The network management system of Claim 63, 
wherein the processor is further configured to maintain, in the user profile database, a 
historical log of the portable communication device's access to the network resource. 

65. (Previously Presented) The network management system of Claim 63, 
wherein the first request is an HTTP request. 

66. (Previously Presented) The network management system of Claim 63, 
wherein determining whether to allow the portable communication device to access the 
network resource further comprises denying the portable communication device access 
where the user profile database indicates that the portable communication device may 
not access the network resource. 

67. (Previously Presented) The network management system of Claim 63, 
wherein the determination of whether to allow the portable communication device to 
access the network resource is based at least in part on one of a port, circuit ID, VLAN 
ID or MAC address. 

68. (Previously Presented) The network management system of Claim 63, 
wherein the network interface is further configured to receive, from the portable 
communication device, a second request to access a second network resource, and 
wherein the processor is further configured to determine that the portable 
communication device is authorized to access the second network resource, based at 
least upon a MAC address included in the second request. 

69. (Previously Presented) The network management system of Claim 63, 
wherein the user profile database further stores information relating to a time period 
associated with the portable communication device, and wherein the determination of 
whether to allow the portable communication device to access the network resource is 
further based on an amount of time that has elapsed in relation to the time period 
stored in the user profile database. 

70. (Previously Presented) The network management system of Claim 63, 
wherein the attribute included in the first request comprises a link-layer header of a 
network packet, and wherein the determination of whether to allow the portable 
communication device to access the network resource is based both on the link-layer 
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71 -76. (Previously Canceled) 
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77. (Currently Amended) A method of accessing a network resource by a 
portable communication device, the method performed by a network management 
system in communication with the portable communication device, the method 
comprising: 

receiving, at a communications port of a network management system 
from a portable communication device, a first request to access a network 
resource, the first request comprising one or more network packets , tho f i rst 
r e qu e st furth e r compr i s i ng attr i but e s i nc l ud i ng a sourc e addr e ss, a ch e cksum, 
and a port number, whoro i n tho checksum a ll ows for ver i fy i ng correct data 
transm i ss i on ; 

determining, using one or more processors, whether to provide the 
portable communication device with access to the network resource, the 
determination being based at least in part on comparing one or more of tho 
attributes included in the first request to a user profile database; 

receiving, from a redirection server, redirection data comprising resource 
identification data that identifies an authentication system, the redirection data 
configured to cause the portable communication device to be redirected to the 
authentication system; and 

sending, from the communications port of the network management 
system to the portable communication device, a browser redirect message 
based upon the redirection data, the browser redirect message configured to 
indicate that it was sent by the network resource, the browser redirect message 
being sent upon a determination not to provide the portable communication 
device with access to the network resource , th e brows e r r e d i r e ct m e ssag e 
compr i s i ng attr i butes i n wh i ch at l east one of a source address, a checksum, and 
a port number d i ffers from thoso attr i butes of tho f i rst roquost ; 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to transmit authentication-related 
information so that the portable communication system may be provided access 
to the network resource. 
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78. (Previously Presented) The method of Claim 77, further comprising 
updating the user profile database upon determining to provide the portable 
communication device with access to the network resource. 

79. (Previously Presented) The method of Claim 77, further comprising 
maintaining in the user profile database a historical log of the portable communication 
device's access to the network resource. 

80. (Previously Presented) The method of Claim 77, wherein the first 
request is an HTTP request. 

81. (Previously Presented) The method of Claim 77, wherein determining 
whether to provide the portable communication device with access to the network 
resource further comprises denying the portable communication device access where 
the user profile database indicates that the portable communication device may not 
access the network resource. 

82. (Previously Presented) The method of Claim 77, wherein the 
determination of whether to provide the portable communication device with access to 
the network resource is one of a port, circuit ID, VLAN ID or MAC address. 

83. (Previously Presented) The method of Claim 77, further comprising: 
receiving, from the portable communication device, a second request to 

access a second network resource; and 

determining to provide the portable communication device with access to 
the second network resource, based at least upon a MAC address included in 
the second request. 
84-86. (Previously Canceled) 
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87. (Currently Amended) A network management system configured to 
manage access of a portable communication device to a network resource, the system 
comprising: 

a network communications interface configured to receive, from a portable 
communication device, a first request to access a network resource, the request 
comprising one or more network packets , th e f i rst r e qu e st furth e r compr i s i ng a 
source — address, — a — checksum — a ll ow i ng — fef — ver i f i cat i on — ef- — correct — data 
transm i ss i on, a port numb e r, and a r e sourc e l ocator that i d e nt i f ie s th e n e twork 
resource ; and 

one or more processors configured to determine whether to allow the 
portable communication device to access the network resource, the 
determination being based at least in part on comparing an attribute included in 
the first request to a user profile database; 

the one or more processors further configured to redirect the portable 
communication device to an authentication system, by performing a method 
operations comprising: 

receiving, from a redirection server, redirection data comprising 
resource identification data that identifies the authentication system, the 
redirection data configured to cause the portable communication device to 
be redirected to the authentication system; and 

sending, from the network communications interface of the network 
management system to the portable communication device, a browser 
redirect message based upon the redirection data, the browser redirect 
message indicating it originated from the network resource, the browser 
redirect message being sent as a result of the determination not to allow 
the portable communication device to access the network resourcer-tbe 
browser red i rect message hav i ng at l east one of a source address, a 
ch e cksum, and a port numb e r that d i ff e rs from thos e attr i but e s of th e f i rst 
rccj u cst * 

whereby the portable communication device is enabled, by being 
redirected to the authentication system, to transmit authentication-related 
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information so that the portable communication system may be allowed to 
access the network resource. 

88. (Previously Presented) The network management system of Claim 87, 
wherein the processor is further configured to maintain, in the user profile database, a 
historical log of the portable communication device's access to the network resource. 

89. (Previously Presented) The network management system of Claim 87, 
wherein the first request is an HTTP request. 

90. (Previously Presented) The network management system of Claim 87, 
wherein determining whether to allow the portable communication device to access the 
network resource further comprises denying the portable communication device access 
where the user profile database indicates that the portable communication device may 
not access the network resource. 

91. (Previously Presented) The network management system of Claim 87, 
wherein the determination of whether to allow the portable communication device to 
access the network resource is based at least in part on one of a port, circuit ID, VLAN 
ID or MAC address. 

92. (Previously Presented) The network management system of Claim 87, 
wherein the network interface is further configured to receive, from the portable 
communication device, a second request to access a second network resource, and 
wherein the processor is further configured to determine that the portable 
communication device is allowed to access the second network resource, based at 
least upon a MAC address included in the second request. 

93. (Previously Presented) The system of Claim 87, wherein the user profile 
database further stores information relating to a time period associated with the 
portable communication device, and wherein the determination of whether the portable 
communication device is allowed to access the network resource is further based on an 
amount of time that has elapsed in relation to the time period stored in the user profile 
database. 

94. (Previously Presented) The system of Claim 87, wherein the first request 
comprises a link-layer header of a network packet, and wherein the determination of 
whether the portable communication device is allowed to access the network resource 
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is based both on the link-layer header of the network packet and on identification 
information provided automatically by a browser of the portable communication device. 

95. (Previously Canceled) 

96. (Previously Presented) The system of Claim 87, wherein the first request 
comprises a TCP packet to open a connection. 

97. (Previously Canceled) 

98. (Previously Presented) The system of Claim 87, wherein the one or 
more processors are further configured to store the first request to access the network 
resource. 

99. (Previously Presented) The system of Claim 87, wherein the portable 
communication device communicates with the network communications interface via a 
network. 

100. (Previously Presented) The method of Claim 77, further comprising 
storing the request to access the network resource. 

101. (Previously Presented) The method of Claim 77, wherein receiving, 
from a portable communication device, a first request to access a network resource 
comprises receiving, from a portable communication device via a network, a request to 
access a network resource. 

102. (Previously Presented) The method of Claim 56, wherein the portable 
communication device is redirected to the authentication system by further storing the 
request to access the network resource. 

103. (Previously Presented) The method of Claim 56, wherein the portable 
communication device is redirected to the authentication system by further 
communicating request data to the redirection server, the request data being based on 
the first request. 

104. (Previously Presented) The method of Claim 56, wherein determining 
whether to provide the portable communication device with access to the network 
resource comprises determining whether the portable communication device is 
authorized to access the requested network resource. 

105. (Previously Presented) The method of Claim 56, wherein the first 
request is configured with network settings that do not correspond to the network. 
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106. (Previously Presented) The method of Claim 56, further comprising 
storing the first request to access a network resource. 

107. (Previously Presented) The method of Claim 56, further comprising 
communicating a modified request to a redirection server, the modified request being 
based upon the first request to access the network resource. 

108. (Previously Presented) The method of Claim 56, wherein the redirection 
data comprises a browser redirect message. 

109. (Previously Presented) The method of Claim 56, wherein the method is 
performed by single device. 

110. (Previously Presented) The method of Claim 56, wherein the method is 
performed by multiple devices in communication with each other. 

111. (Previously Presented) The method of Claim 56, wherein the network 
management system is a gateway device. 

112. (Previously Presented) The network management system of Claim 63, 
wherein the first request is configured with network settings that do not correspond to 
the network. 

113. (Previously Presented) The network management system of Claim 63, 
wherein the processor is further configured to store the first request to access the 
network resource. 

114. (Previously Presented) The network management system of Claim 63, 
wherein the processor is further configured to communicate a modified request to the 
redirection server, the modified request being based upon the first request to access 
the network resource. 

115. (Previously Presented) The network management system of Claim 63, 
wherein the redirection data comprises a browser redirect message. 

116. (Previously Presented) The network management system of Claim 63, 
wherein the processor is further configured to determine whether the portable 
communication device is authorized to access the network resource. 

117. (Previously Presented) The network management system of Claim 63, 
wherein the network management system is a gateway device. 
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118. (Previously Presented) The method of Claim 77, wherein the 
determination of whether to provide the portable communication device with access to 
the network resource is based at least in part on a port. 

119. (Previously Presented) The method of Claim 77, wherein the 
determination of whether to provide the portable communication device with access to 
the network resource is based at least in part on a circuit ID. 

120. (Previously Presented) The method of Claim 77, wherein the 
determination of whether to provide the portable communication device with access to 
the network resource is based at least in part on a VLAN ID. 

121. (Previously Presented) The method of Claim 77, wherein the 
determination of whether to provide the portable communication device with access to 
the network resource is based at least in part on a MAC address. 

122. (Previously Presented) The method of Claim 77, further comprising 
communicating request-related data to a redirection server, the request-related data 
being based on the first request to access the network resource. 

123. (Previously Presented) The method of Claim 77, wherein the resource 
identification data is a URL. 

124. (Previously Presented) The method of Claim 77, wherein the resource 
identification data is a network address. 

125. (Previously Presented) The method of Claim 77, wherein the step of 
determining whether to provide the portable communication device with access to the 
network resource precedes the step of receiving the redirection data. 

126. (Previously Presented) The method of Claim 77, wherein determining 
whether to provide the portable communication device with access to the network 
resource comprises determining whether the portable communication device is 
authorized to access the requested network resource. 

127. (Currently Amended) The method of C l a i m 130 Claim 77 . further 
comprising redirecting, upon determining that the portable communication device is not 
authorized to access the requested network resource, the portable communication 
device to an authentication system. 
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128. (Previously Presented) The method of Claim 77, further comprising 
communicating a modified request to a redirection server, the modified request being 
based upon the request to access the network resource. 

129. (Previously Presented) The method of Claim 77, wherein the redirection 
data comprises a browser redirect message. 

130. (Previously Presented) The method of Claim 77, wherein the method is 
performed by single device. 

131. (Previously Presented) The method of Claim 77, wherein the method is 
performed by multiple devices in communication with each other. 

132. (Previously Presented) The method of Claim 77, wherein the network 
management system is a gateway device. 

133. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are configured to determine whether to allow the 
portable communication device to access the requested network resource based at 
least in part on a port. 

134. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are configured to determine whether to allow the 
portable communication device to access the requested network resource based at 
least in part on a circuit ID. 

135. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are configured to determine whether to allow the 
portable communication device to access the requested network resource based at 
least in part on a VLAN ID. 

136. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are configured to determine whether to provide the 
portable communication device with access to the requested network is based at least 
in part on a MAC address. 

137. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are further configured to communicate request- 
related to a redirection server, the request-related data being based on the first request 
to access the network resource. 
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138. (Previously Presented) The network management system of Claim 87, 
wherein the resource identification data is a URL. 

139. (Previously Presented) The network management system of Claim 87, 
wherein the resource identification data is a network address. 

140. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are further configured to determine whether to 
provide the portable communication device with access to the network resource prior to 
receiving the redirection data. 

141. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are further configured to determine whether the 
portable communication device is authorized to access the network resource. 

142. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processor are further configured to redirect upon determining 
that the portable communication device is not authorized to access the requested 
network resource. 

143. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are further configured to communicate a modified 
request to a redirection server, the modified request being based upon the request to 
access the network resource. 

144. (Previously Presented) The network management system of Claim 87, 
wherein the redirection data comprises a browser redirect message. 

145. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are comprised in the same housing. 

146. (Previously Presented) The network management system of Claim 87, 
wherein the one or more processors are comprised in the separate housings. 

147. (Previously Presented) The network management of Claim 87, wherein 
the network management system is a gateway device. 

148. (New) The method of Claim 56, wherein the first request includes header 
and body data, wherein first request is configured with attributes including a source 
address, a checksum, and a port number, wherein the checksum is calculated based at 
least in part on header and body data of one or more network packets, and wherein the 
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browser redirect message comprises attributes in which at least one of a source 
address, a checksum, and a port number differs from those attributes of the first 
request. 

149. (New) The network management system of Claim 63, wherein the first 
request is configured with attributes including a source address, a checksum, and a port 
number, wherein the checksum allows for verifying correct data transmission, and 
wherein the browser redirect message comprises attributes in which at least one of a 
source address, a checksum, and a port number differs from those attributes of the first 
request. 

150. (New) The method of Claim 77, wherein the first request comprises 
attributes including a source address, a checksum, and a port number, wherein the 
checksum allows for verifying correct data transmission, and wherein the browser 
redirect message comprises attributes in which at least one of a source address, a 
checksum, and a port number differs from those attributes of the first request. 

151. (New) The network management system of Claim 87, wherein the first 
request comprises a source address, a checksum allowing for verification of correct 
data transmission, a port number, and a resource locator that identifies the network 
resource, and wherein the browser redirect message includes at least one of a source 
address, a checksum, and a port number that differs from those attributes of the first 
request. 



